Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.17 views

WP Tell a Friend Popup Form <= 7.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.15 views

Profile Extra Fields by BestWebSoft < 1.2.8 - Unauthenticated Sensitive Data Disclosure

Description The plugin does not have authorisation in the prflxtrfldsexportfile function, allowing unauthenticated users to retrieve sensitive data such as the ones entered in custom fields...

5.3CVSS6.9AI score0.00467EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.9 views

Slick Contact Forms <= 1.3.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.00345EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.16 views

Short URL <= 1.6.8 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7AI score0.0021EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.100 views

Smarty for WordPress <= 3.1.35 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00204EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.12 views

LeadSquared Suite <= 0.7.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.8 views

WP Gallery Metabox <= 1.0.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.10 views

WP Hide Pages <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.17 views

Maintenance Switch <= 1.5.2 - Theme Files Creation/Deletion via CSRF

Description The plugin does not have CSRF checks when creating and deleting theme files as well as reseting settings, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.20 views

Use Memcached <= 1.0.5 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.9 views

Contact Form <= 2.0.10 - Form Styling Update via CSRF

Description The plugin does not have CSRF check when updating the contact form styling, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.12 views

Instant CSS < 1.1.5 - Subscriber+ Unauthorised AJAX Calls

Description The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify/access theme and CSS data for example. It could also lead to Stored XSS issues...

5.3AI score0.00434EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.15 views

WP Synchro < 1.10.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00255EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.12 views

Live News < 1.07 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.13 views

Enhanced Ecommerce Google Analytics for WooCommerce < 3.7.2 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.18 views

Fraud Prevention For Woocommerce < 2.1.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS6.4AI score0.00191EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.13 views

Woocommerce ESTO < 2.23.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.9AI score0.00223EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.19 views

Google Map Shortcode <= 3.1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.12 views

Kv TinyMCE Editor Add Fonts <= 1.1 - Font List Update via CSRF

Description The plugin does not have CSRF check when updating its font list, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00221EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.9 views

Add Shortcodes Actions And Filters < 2.10 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00216EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.16 views

WP Emoji One <= 0.6.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.9 views

WP Like Button <= 1.7.0 - Button Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its Button settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.14 views

Post View Count <= 1.8.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.11 views

ShortCodes UI <= 1.9.8 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS7AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.17 views

HTTP Auth < 1.0.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.9AI score0.00194EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.10 views

MakeStories (for Google Web Stories) <= 2.8.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.15 views

Video Gallery & Management < 3.3.6 - Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.13 views

Woocommerce Category Banner Management < 2.4.3 - Shop Banner Settings Update via CSRF

Description The plugin does not have CSRF check when updating its Shop Banner settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...

6.5CVSS6.4AI score0.00191EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.17 views

Checkfront Online Booking System < 3.7 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.9 views

Shockingly Simple Favicon <= 1.8.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.18 views

WooCommerce Login Redirect <= 2.2.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.9 views

CopyRightPro <= 2.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.10 views

Realbig <= 1.0.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings as well as clear logs and cache, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.6AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.16 views

Remove slug from custom post type <= 1.0.3 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00227EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.8 views

Easy WP Cleaner <= 1.9 - Data Deletion via CSRF

Description The plugin does not have CSRF check when deleting data from the blog, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.25 views

ChatBot < 4.7.9 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00214EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.20 views

Leadster < 1.1.3 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its Script Code setting, which could allow attackers to make a logged in admin change it via a CSRF attack...

8.8CVSS6.6AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/11 12:0 a.m.18 views

WP Forms Puzzle Captcha <= 4.1 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.17 views

MyCryptoCheckout < 2.126 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.9 views

Outbound Link Manager <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.19 views

GTmetrix for WordPress < 0.4.8 - Arbitrary Post Deletion via CSRF

Description The plugin does not have CSRF check when deleting posts, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.23 views

WP-CopyProtect <= 3.1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.13 views

Order Delivery Date for WP e-Commerce <= 1.2 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.15 views

Make Paths Relative <= 1.3.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.11 views

GEO my WordPress < 4.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6AI score0.00412EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.14 views

WP-dTree <= 4.4.5 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.0021EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.13 views

WP Super Minify < 1.6 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00208EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.18 views

Block Update < 3.3.2 - Arbitrary Plugin Update Blocking via CSRF

Description The plugin does not have CSRF check when blocking plugin from being updated, which could allow attackers to make logged in admins perform such actions via a CSRF attack...

8.8CVSS8.6AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.16 views

WP Captcha <= 2.0.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00216EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.7 views

WP Custom Post Template <= 1.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0
Total number of security vulnerabilities14603